Re: Iptables

To: "debian-italian@lists.debian.org" <debian-italian@lists.debian.org>
Subject: Re: Iptables
From: Vincenzo Agosto <agosto@ariadne.it>
Date: Tue, 28 May 2002 13:02:30 +0200
Message-id: <[🔎] 3CF363C6.7F728C7C@ariadne.it>
References: <[🔎] 1022575164.763.14.camel@debsim>

Guarda questo, è fatto abbastanza bene
http://www.ebruni.it/it/pp/docs/lf/html/lf.htm

> Salve. Ho letto un po' di man iptables e un po' di HOWTO pero' mi sono
> venuti alcuni dubbi.
> 
> Per esempio da man iptables ho:
>       "ACCEPT  means  to  let  the packet through.  DROP means to
>        drop the packet on the floor.  QUEUE  means  to  pass  the
>        packet  to userspace (if supported by the kernel).  RETURN
>        means stop traversing this chain and resume  at  the  next
>        rule  in  the  previous  (calling) chain.  If the end of a
>        built-in chain is reached or a rule in  a  built-in  chain
>        with target RETURN is matched, the target specified by the
>        chain policy determines the fate of the packet."
> 
> Non e' esplicitamente detto se i target ACCEPT e DROP interrompono la
> catena o uno passa anche alla regola successiva.
> Se la interrompono non mi spiego come mai ipmasq (di default) mette come
> catena di INPUT
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> LOG        all  --  127.0.0.0/8          anywhere           LOG level
> warning
> DROP       all  --  127.0.0.0/8          anywhere
> ACCEPT     all  --  anywhere             255.255.255.255
> ACCEPT     all  --  192.168.0.0/24       anywhere
> ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
> LOG        all  --  192.168.0.0/24       anywhere           LOG level
> warning
> DROP       all  --  192.168.0.0/24       anywhere
> ACCEPT     all  --  anywhere             255.255.255.255
> ACCEPT     all  --  anywhere             r-bo060-6b170.tin.it
> LOG        all  --  anywhere             anywhere           LOG level
> warning
> DROP       all  --  anywhere             anywhere
> 
> In questo caso infatti mi sembra che tutti i pacchetti soddisfino alla
> prima regola (o sbaglio)?
> Inoltre non ho capito quale catena viene esaminata per prima (INPUT,
> FORWARD o OUTPUT di filter oppure PREROUTING ecc.. di nat ...) o se ne
> viene esaminata una sola (ma quale?)
> Potete consigliarmi qualche manuale?
> Grazie
> Ciao
>             Stefano
> 
> --
> To UNSUBSCRIBE, email to debian-italian-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


-- 
To UNSUBSCRIBE, email to debian-italian-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Iptables
  - From: Stefano Simonucci <stefano.simonucci@tin.it>

Prev by Date: Re: avendo distrutto /var
Next by Date: Re: Woody
Previous by thread: Iptables
Next by thread: Re: Iptables
Index(es):
- Date
- Thread